"Authentication" involves verifying the correctness of security characteristics to prevent unauthorized changes in the secrecy and/or integrity of information. A variety of authentication procedures and security policies are used to help control access to information stored on networks and other computer systems. Many sources of information about computer system security are available. One source is U.S. Pat. No. 5,349,642, Method and Apparatus for Authentication of Client Server Communication, which is incorporated herein by reference.
The available approaches for protecting the security of information fall generally into two groups, depending on the discretion given or denied to routine users of the computer system. Perhaps the most common of these two approaches to security is known generally as "discretionary access control" or "DAC." DAC is based mainly on determining a user's identity and any relevant groups to which the user belongs. DAC may be implemented using access control lists, capability lists, owner-group-world flags, cleartext names, passwords, biometric scans, or other means.
DAC is discretionary in that the access rights given to a user may be transferred by that user to other users. DAC allows authorized users to change access rights, to grant group membership to other users, or to Otherwise transfer rights directly or indirectly.
By contrast, approaches which are known generally as "mandatory access control" or "MAC" do not allow such transfers or changes in access rights. MAC limits access based on the user's clearance level(s) and on the sensitivity of the information, which is reflected in the information's classification level. Clearance and classification levels are determined by one or more system administrators or other security personnel and are not subject to routine change by users. MAC is one of the requirements for systems at the B1, B2, B3, and A1 security levels set forth in the United States Department of Defense Trusted Computer System Evaluation Criteria (known as the "Orange Book").
Both DAC and MAC approaches are sometimes enhanced to reflect knowledge about the user's connection to the system. For instance, tables or filters may be used to further restrict access based on the network file system setup, on whether access is attempted with World Wide Web or File Transfer Protocol software, on UNIX rhosts lists, on the port number, the device used, the LAN segment, the packet addresses, and other characteristics of the connection.
The wide variety of identification, authentication, and security techniques and equipment in use creates problems for network and other system administrators. The degree of administrative difficulty and the risk of errors grows rapidly as the number of computers involved and the number of security options for each computer multiply.
Moreover, the effective security of a system may be inadvertently weakened when the system is enhanced to allow new means of access. For instance, if an additional server computer is placed in the system, that server typically defines its own access controls based on its local tables, filters, software and hardware. Unless detailed preventive steps are taken, different servers can provide the same user with different degrees of access to the same information. This leads at best to administrative complexity, and in the worst case allows unauthorized access to sensitive information.
Similar problems arise when two networks are initially connected. One current approach requires that everyone using the combined system conform with the strictest authentication procedure previously in use on either system. But this is not always feasible, and the resulting new barriers may unnecessarily restrict access to information that is not especially sensitive. Under another approach the combined system uses the weakest authentication procedure that was previously in use on either system. This does not impose unnecessary new barriers, but it may place sensitive information at risk.
Thus, it would be an advancement in the art to provide a novel system and method for providing a consistent access policy in a computer network.
It would be an additional advancement to provide such a system and method which combines useful aspects of the DAC and MAC approaches to security with information about the authentication procedures(s) used on the network.
Such a method and system are disclosed and claimed herein.